From 0653224cf9f7fed1a3a8e7b5164fcbfa5a7c1988 Mon Sep 17 00:00:00 2001
From: pizzaboxer <41478239+pizzaboxer@users.noreply.github.com>
Date: Wed, 9 Feb 2022 07:56:32 +0000
Subject: [PATCH] Turns out I forgot to commit this: Add proper SendTop implementation to 2011
---
 PolygonClientUtilities/Config.h | 20 +++++----
 PolygonClientUtilities/Logger.cpp | 2 +-
 PolygonClientUtilities/RobloxMFCClasses.h | 10 +++++
 PolygonClientUtilities/RobloxMFCHooks.cpp | 55 +++++++++++++++++++++--
 PolygonClientUtilities/RobloxMFCHooks.h | 12 +++++
 PolygonClientUtilities/dllmain.cpp | 4 ++
 6 files changed, 90 insertions(+), 13 deletions(-)
diff --git a/PolygonClientUtilities/Config.h b/PolygonClientUtilities/Config.h
index e1e8a39..46584b6 100644
--- a/PolygonClientUtilities/Config.h
+++ b/PolygonClientUtilities/Config.h
@@ -1,17 +1,18 @@
 #pragma once
-#define MFC2010
+#define MFC2011
 #define PLAYERBUILD
 #define ARBITERBUILD
-#define DEBUG_SERVERREPLICATOR__PROCESSPACKET
+// #define DEBUG_SERVERREPLICATOR__PROCESSPACKET
 // when PLAYERBUILD is defined, the following changes occur for 2010 and 2012 only:
 // the -jobId arg is parsed
 // when ARBITERBUILD is defined, the following changes occur:
-// DataModel->getJobId is hooked
-// StandardOut->print is hooked
+// DataModel::getJobId is hooked
+// DataModel::~DataModel is hooked
+// StandardOut::print is hooked
 // Network::RakNetAddressToString is hooked
 // -jobId arg becomes available
 // HTTP requests and output messages are logged to a file
@@ -25,9 +26,8 @@
 #define ADDRESS_NETWORK__RAKNETADDRESSTOSTRING 0x004FC1A0
 #define ADDRESS_HTTP__TRUSTCHECK 0x005A2680
 #define ADDRESS_CRYPT__VERIFYSIGNATUREBASE64 0x0079ECF0
-
+#define ADDRESS_SERVERREPLICATOR__SENDTOP 0x00506910
 #define ADDRESS_SERVERREPLICATOR__PROCESSPACKET 0x00507420
-#define ADDRESS_RAKNET__BITSTREAM 0x004DBF00
 // MFC specific definitions
 #define CLASSLOCATION_CROBLOXAPP 0x00BFF898
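Review bot: The added header line `// DataModel::~DataModel is hooked` describes a hook this commit does not contain: the `@@ -55` hunk below defines `ADDRESS_DATAMODEL__DESTRUCT`, but no typedef, `_hook` function or `ADD_PATCH` for it appears in RobloxMFCHooks.h, RobloxMFCHooks.cpp or dllmain.cpp. If a destructor hook is meant for teardown clean-up (for example dropping entries from the `rakPeers` table added in RobloxMFCHooks.cpp), then until it lands the comment overstates what ARBITERBUILD provides; reword it to `// DataModel::~DataModel hook: address defined, patch not yet applied` or land the hook with this change. Commenting out `DEBUG_SERVERREPLICATOR__PROCESSPACKET` also changes the default build; a short note on when it should be re-enabled would save the next reader a trip through the `#ifdef`s.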
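Review bot: `ADDRESS_SERVERREPLICATOR__SENDTOP 0x00506910` is added to this address block (apparently the 2010 one), but every use of `ServerReplicator__sendTop` in this commit sits under `#ifdef MFC2011`, and this block gets no `ADDRESS_SERVERREPLICATOR__PROCESSTICKET`, so the address is dead until a matching hook exists for that build. A one-line comment such as `// not yet hooked for this build; see the MFC2011 block` would stop someone from assuming SendTop gating is active there. Removing `ADDRESS_RAKNET__BITSTREAM` is fine as long as nothing outside this diff still references it, which is not visible here.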
@@ -45,6 +45,7 @@
 // RakNet packet definitions
 #define ID_TIMESTAMP 25
+#define ID_SET_GLOBALS 95
 #define ID_REQUEST_CHARACTER 96
 #define ID_DATA 98
 #define ID_SUBMIT_TICKET 104
@@ -55,10 +56,13 @@
 #define CLASSPADDING_DATAMODEL__JOBID 740 // when compiled as debug, this must be 739
 #define ADDRESS_DATAMODEL__GETJOBID 0x005E70C0
+#define ADDRESS_DATAMODEL__DESTRUCT 0x006002A0
 #define ADDRESS_STANDARDOUT__PRINT 0x005B25E0
 #define ADDRESS_NETWORK__RAKNETADDRESSTOSTRING 0x0
 #define ADDRESS_HTTP__TRUSTCHECK 0x005B7050
 #define ADDRESS_CRYPT__VERIFYSIGNATUREBASE64 0x00809EC0
+#define ADDRESS_SERVERREPLICATOR__SENDTOP 0x00513E80
+#define ADDRESS_SERVERREPLICATOR__PROCESSTICKET 0x00514B60
 // MFC specific definitions
 #define CLASSLOCATION_CROBLOXAPP 0x00CBA8A0
@@ -74,10 +78,8 @@
 #define ADDRESS_CROBLOXCOMMANDLINEINFO__PARSEPARAM 0x0045EE50
 #define ADDRESS_CCOMMANDLINEINFO__PARSELAST 0x0081354A
-#define ID_TIMESTAMP 27
-
+// RakNet definitions
 #define ID_SET_GLOBALS 127
-// guess: #define ID_TEACH_DESCRIPTOR_DICTIONARIES 128
 #define ID_DATA 129
 #define ID_REQUEST_MARKER 130
 #define ID_PHYSICS 131
diff --git a/PolygonClientUtilities/Logger.cpp b/PolygonClientUtilities/Logger.cpp
index 81ec1c4..38f6819 100644
--- a/PolygonClientUtilities/Logger.cpp
+++ b/PolygonClientUtilities/Logger.cpp
@@ -1,7 +1,7 @@
 #include "pch.h"
 #include "Logger.h"
-#pragma warning(disable : 4996)
+//#pragma warning(disable : 4996)
 HANDLE Logger::handle;
 std::ofstream Logger::outputLog;
diff --git a/PolygonClientUtilities/RobloxMFCClasses.h b/PolygonClientUtilities/RobloxMFCClasses.h
index 0373c5c..c87a7d6 100644
--- a/PolygonClientUtilities/RobloxMFCClasses.h
+++ b/PolygonClientUtilities/RobloxMFCClasses.h
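Review bot: After this commit `ID_SET_GLOBALS` is defined twice in Config.h, as 95 in the `@@ -45` hunk and as 127 in the `@@ -74` hunk, and neither hunk shows the `#if` that separates the per-version blocks. If the two definitions sit under mutually exclusive `MFC20xx` conditionals this is fine; if not, the second produces a macro-redefinition warning and silently wins, which for a packet id used to dispatch replication traffic is hard to spot at runtime. A comment on each block naming the build it belongs to, e.g. `// MFC2012 packet ids` above the 127 definition, or an `#ifdef ID_SET_GLOBALS` / `#error` guard, makes the intent checkable. Dropping the `// guess:` line for `ID_TEACH_DESCRIPTOR_DICTIONARIES` also loses the only record that id 128 is unaccounted for; a `// 128: unknown` placeholder keeps that knowledge.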
@@ -18,6 +18,16 @@ struct Packet
 void* padding2[1];
 unsigned char* data;
 };
+
+struct ConcurrentRakPeer {};
+struct RakPeerInterface {};
+
+struct ServerReplicator
+{
+ void* padding1[1869]; // offset of 0 -> 7476
+ bool padding2; // offset of 7476 -> 7477
+ bool isAuthenticated; // offset of 7477 -> 7478
+};
 #endif
 #if defined(MFC2010) || defined(MFC2011)
diff --git a/PolygonClientUtilities/RobloxMFCHooks.cpp b/PolygonClientUtilities/RobloxMFCHooks.cpp
index b26816a..3994299 100644
--- a/PolygonClientUtilities/RobloxMFCHooks.cpp
+++ b/PolygonClientUtilities/RobloxMFCHooks.cpp
@@ -3,8 +3,10 @@
 #include "Patches.h"
 #include "Config.h"
 #include "Util.h"
-#include "Logger.h"
 #include "LUrlParser.h"
+#ifdef ARBITERBUILD
+#include "Logger.h"
+#endif
 static bool hasAuthUrlArg = false;
 static bool hasAuthTicketArg = false;
@@ -17,6 +19,8 @@ static std::wstring authenticationTicket;
 static std::wstring joinScriptUrl;
 static std::string jobId;
+
+static std::map rakPeers;
+
 // Functions
 //
 Http__trustCheck_t Http__trustCheck = (Http__trustCheck_t)ADDRESS_HTTP__TRUSTCHECK;
@@ -25,6 +29,10 @@ Crypt__verifySignatureBase64_t Crypt__verifySignatureBase64 = (Crypt__verifySign
 DataModel__getJobId_t DataModel__getJobId = (DataModel__getJobId_t)ADDRESS_DATAMODEL__GETJOBID;
 StandardOut__print_t StandardOut__print = (StandardOut__print_t)ADDRESS_STANDARDOUT__PRINT;
 // Network__RakNetAddressToString_t Network__RakNetAddressToString = (Network__RakNetAddressToString_t)ADDRESS_NETWORK__RAKNETADDRESSTOSTRING;
+#ifdef MFC2011
+ServerReplicator__sendTop_t ServerReplicator__sendTop = (ServerReplicator__sendTop_t)ADDRESS_SERVERREPLICATOR__SENDTOP;
+ServerReplicator__processTicket_t ServerReplicator__processTicket = (ServerReplicator__processTicket_t)ADDRESS_SERVERREPLICATOR__PROCESSTICKET;
+#endif
 #ifdef PLAYER2012
 Application__ParseArguments_t Application__ParseArguments = (Application__ParseArguments_t)ADDRESS_APPLICATION__PARSEARGUMENTS;
 #endif
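Review bot: `isAuthenticated` is located by hand-computed padding (`void* padding1[1869]` only equals the commented 7476 bytes when `sizeof(void*) == 4`), and nothing checks it, so a layout drift would make `ServerReplicator__sendTop_hook` gate the initial send on an arbitrary byte and either block every player or wave unauthenticated ones through. Add `static_assert(offsetof(ServerReplicator, isAuthenticated) == 7477, "ServerReplicator layout is the 32-bit 2011 client");` after the struct (with `<cstddef>` included) so the assumption the comments state is enforced at compile time. The `#if` closed by the `#endif` that follows begins outside this hunk; confirm it is active when `MFC2011` is defined, since RobloxMFCHooks.h now names `ServerReplicator` and `RakPeerInterface` under `#ifdef MFC2011`. `ConcurrentRakPeer` is declared but nothing in the commit uses it.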
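Review bot: `static std::map rakPeers;` carries no template argument list in this patch; if the source reads `std::map<ServerReplicator*, RakPeerInterface*>` and the angle brackets were lost in rendering this is fine, otherwise the line does not compile. Either way the table deserves a comment saying what it maps and who removes entries, since nothing in this commit erases from it: `// ServerReplicator -> RakPeerInterface captured at the first (pre-auth) sendTop call; read back by processTicket_hook. Entries are never erased yet.` Keyed by raw pointer, a stale entry becomes a dangling peer pointer once a replicator's address is reused, which is why the ownership note matters.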
@@ -128,6 +136,47 @@ void __fastcall StandardOut__print_hook(int _this, void*, int type, std::string*
 // return Network__RakNetAddressToString(raknetAddress, portDelineator);
 // }
+#ifdef MFC2011
+void __fastcall ServerReplicator__sendTop_hook(ServerReplicator* _this, void*, RakPeerInterface* peer)
+{
+ if (_this->isAuthenticated)
+ {
+ // printf("ServerReplicator::sendTop called: player is authenticated\n");
+ ServerReplicator__sendTop(_this, peer);
+ }
+ else if (rakPeers.find(_this) == rakPeers.end())
+ {
+ // printf("ServerReplicator::sendTop called: player is not authenticated\n");
+ rakPeers.insert(std::pair(_this, peer));
+ }
+}
+
+void __fastcall ServerReplicator__processTicket_hook(ServerReplicator* _this, void*, Packet* packet)
+{
+ ServerReplicator__processTicket(_this, packet);
+
+ // THIS IS TEMPORARY
+ // i literally cant find a way to obtain rakpeerinterface from _this, like it's really damn hard
+ // so i'm cheating on doing that by getting rakpeerinterface from the first sendtop call,
+ // throwing that into a lookup table and then using that here
+
+ auto pos = rakPeers.find(_this);
+ if (pos == rakPeers.end())
+ {
+ // printf("ServerReplicator::sendTop called: could not find rakpeer for %08X\n", (int)_this);
+ }
+ else if (_this->isAuthenticated)
+ {
+ // printf("ServerReplicator::sendTop called: Value of peer: %08X - associated with %08X\n", (int)pos->second, (int)_this);
+ ServerReplicator__sendTop_hook(_this, nullptr, pos->second);
+ }
+ else
+ {
+ // printf("ServerReplicator::sendTop called: player is not authenticated\n");
+ }
+}
+#endif
+
 #ifdef PLAYER2012
 BOOL __fastcall Application__ParseArguments_hook(int _this, void*, int a2, const char* argv)
 {
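Review bot: `rakPeers` is written in `ServerReplicator__sendTop_hook` and read in `ServerReplicator__processTicket_hook` but never erased, so once a `ServerReplicator` is destroyed and a new one is allocated at the same address, `processTicket_hook` finds the old `RakPeerInterface*` and hands a dangling pointer to the real `sendTop`; the `// THIS IS TEMPORARY` comment explains the lookup but not this lifetime gap. The cheapest fix inside this hunk is to drop the entry once the deferred send has been issued, `ServerReplicator__sendTop_hook(_this, nullptr, pos->second); rakPeers.erase(pos);`, since an authenticated replicator's later `sendTop` calls take the first branch of the hook and no longer need the table; entries for replicators that never authenticate still need a teardown hook (the `ADDRESS_DATAMODEL__DESTRUCT` added in Config.h looks like the start of one). If these hooks can run on more than one thread, which is not visible here, the unsynchronised `std::map` also needs a lock. The `if (pos == rakPeers.end())` branch is empty apart from a commented-out printf; a one-line comment naming the case, `// sendTop was never called for this replicator; nothing to replay`, reads better than an empty block.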
@@ -196,7 +245,7 @@ BOOL __fastcall CRobloxApp__InitInstance_hook(CRobloxApp* _this)
 CRobloxDoc* document = CRobloxApp__CreateDocument(_this);
 CWorkspace__ExecUrlScript(document->workspace, joinScriptUrl.c_str(), VARIANTARG(), VARIANTARG(), VARIANTARG(), VARIANTARG(), nullptr);
 }
-catch (std::runtime_error& exception)
+catch (std::runtime_error)// & exception)
 {
 // MessageBoxA(nullptr, exception.what(), nullptr, MB_ICONERROR);
 return FALSE;
@@ -344,4 +393,4 @@ INT __fastcall ServerReplicator__processPacket_hook(int _this, void*, Packet* pa
 return ServerReplicator__processPacket(_this, packet);
 }
-#endif
\ No newline at end of file
+#endif
diff --git a/PolygonClientUtilities/RobloxMFCHooks.h b/PolygonClientUtilities/RobloxMFCHooks.h
index 4efce6c..1abe760 100644
--- a/PolygonClientUtilities/RobloxMFCHooks.h
+++ b/PolygonClientUtilities/RobloxMFCHooks.h
@@ -10,6 +10,10 @@ typedef void(__thiscall* Crypt__verifySignatureBase64_t)(HCRYPTPROV* _this, char
 typedef INT(__thiscall* DataModel__getJobId_t)(DataModel* _this, int a2);
 typedef void(__thiscall* StandardOut__print_t)(int _this, int type, std::string* message);
 // typedef std::string(__thiscall* Network__RakNetAddressToString_t)(const int raknetAddress, char portDelineator);
+#ifdef MFC2011
+typedef void(__thiscall* ServerReplicator__sendTop_t)(ServerReplicator* _this, RakPeerInterface* peer);
+typedef void(__thiscall* ServerReplicator__processTicket_t)(ServerReplicator* _this, Packet* packet);
+#endif
 #ifdef PLAYER2012
 typedef BOOL(__thiscall* Application__ParseArguments_t)(int _this, int a2, const char* argv);
 #endif
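Review bot: `catch (std::runtime_error)// & exception)` now catches by value, which copies the exception object and slices any derived type thrown from `CWorkspace__ExecUrlScript`; the way to silence the unused-variable warning without giving up the reference is `catch (const std::runtime_error&)`. The commented-out `MessageBoxA` line below still refers to `exception.what()`, so if it is ever re-enabled the binding name has to come back with it. `CRobloxApp__InitInstance_hook` starts and ends outside this hunk.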
@@ -31,6 +35,10 @@ void __fastcall Crypt__verifySignatureBase64_hook(HCRYPTPROV* _this, void*, char
 INT __fastcall DataModel__getJobId_hook(DataModel* _this, void*, int a2);
 void __fastcall StandardOut__print_hook(int _this, void*, int type, std::string* message);
 // std::string __fastcall Network__RakNetAddressToString_hook(const int raknetAddress, char portDelineator);
+#ifdef MFC2011
+void __fastcall ServerReplicator__sendTop_hook(ServerReplicator* _this, void*, RakPeerInterface* peer);
+void __fastcall ServerReplicator__processTicket_hook(ServerReplicator* _this, void*, Packet* packet);
+#endif
 #ifdef PLAYER2012
 BOOL __fastcall Application__ParseArguments_hook(int _this, void*, int a2, const char* argv);
 #endif
@@ -52,6 +60,10 @@ extern Crypt__verifySignatureBase64_t Crypt__verifySignatureBase64;
 extern DataModel__getJobId_t DataModel__getJobId;
 extern StandardOut__print_t StandardOut__print;
 // extern Network__RakNetAddressToString_t Network__RakNetAddressToString;
+#ifdef MFC2011
+extern ServerReplicator__sendTop_t ServerReplicator__sendTop;
+extern ServerReplicator__processTicket_t ServerReplicator__processTicket;
+#endif
 #ifdef PLAYER2012
 extern Application__ParseArguments_t Application__ParseArguments;
 #endif
diff --git a/PolygonClientUtilities/dllmain.cpp b/PolygonClientUtilities/dllmain.cpp
index 87df7b8..5f87a0e 100644
--- a/PolygonClientUtilities/dllmain.cpp
+++ b/PolygonClientUtilities/dllmain.cpp
@@ -11,6 +11,10 @@ ADD_PATCH(Crypt__verifySignatureBase64, Crypt__verifySignatureBase64_hook)
 ADD_PATCH(DataModel__getJobId, DataModel__getJobId_hook)
 ADD_PATCH(StandardOut__print, StandardOut__print_hook)
 // ADD_PATCH(Network__RakNetAddressToString, Network__RakNetAddressToString_hook)
+#ifdef MFC2011
+ADD_PATCH(ServerReplicator__sendTop, ServerReplicator__sendTop_hook)
+ADD_PATCH(ServerReplicator__processTicket, ServerReplicator__processTicket_hook)
+#endif
 #ifdef PLAYER2012
 ADD_PATCH(Application__ParseArguments, Application__ParseArguments_hook)
 #endif